Name of the Vulnerable Software and Affected Versions web3 versions (affected versions not specified)

Description The issue concerns Insecure Credential Storage. The package stores encrypted wallets in local storage and requires a password to load the wallet. Once the wallet is loaded, the private key is accessible via LocalStorage. Exploiting this issue likely requires a Cross-Site Scripting vulnerability to access the private key.

Recommendations Consider using an alternative module until a fix is made available. At the moment, there is no information about a newer version that contains a fix for this issue.